feat: CI/CD pour packages .deb et .rpm + tests d'installation

Nouveaux workflows GitHub Actions: - .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu - .github/workflows/build-rpm.yml : Build et release RPM sur Fedora - Déclenchement sur tags v*, push main/master, workflow_dispatch - Upload des artifacts et création automatique de release Système de build de packages: - packaging/build-deb.sh : Script de build .deb avec sanitization version - packaging/build-rpm.sh : Script de build .rpm (via Docker) - packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB - packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM Fichiers de configuration systemd: - packaging/systemd/ja4sentinel.service : Unit avec security hardening * NoNewPrivileges, ProtectSystem, ProtectHome * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture - packaging/systemd/config.yml : Configuration par défaut Scripts mainteneur DEB: - packaging/deb/postinst : Création user/group, dirs, config - packaging/deb/prerm : Stop service avant upgrade/remove - packaging/deb/postrm : Cleanup complet en purge Spec file RPM: - packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies * Requires: systemd, libpcap * %pre/%post/%preun/%postun scripts Tests d'installation dans containers: - packaging/test/test-deb.sh : Build + test Docker Ubuntu - packaging/test/test-rpm.sh : Build + test Docker Fedora - packaging/test/test-install-deb.sh : 11 tests automatisés - packaging/test/test-install-rpm.sh : 11 tests automatisés - Dockerfile.deb/rpm : Containers de test dédiés Makefile: - package-deb : Build .deb - package-rpm : Build .rpm via Docker (no-cache) - package : Build les deux - test-package-deb : Build + test installation DEB - test-package-rpm : Build + test installation RPM - test-package : Test les deux packages Tests: - ✅ DEB: 11/11 tests passés (binaire, config, service, user, dirs) - ✅ RPM: Build réussi (3.3 MB) - Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty) Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-25 21:05:23 +01:00
parent efd4481729
commit 61bf05454e
19 changed files with 1246 additions and 2 deletions
--- a/packaging/build-rpm.sh
+++ b/packaging/build-rpm.sh
@ -0,0 +1,78 @@
+#!/bin/bash
+# Build script for .rpm package
+# Usage: ./build-rpm.sh [version] [architecture]
+
+set -e
+
+# Sanitize version for RPM package (must start with digit)
+VERSION="${1:-1.0.0}"
+ARCH="${2:-x86_64}"
+PACKAGE_NAME="ja4sentinel"
+
+# Convert git version to RPM-compatible format
+if [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
+    RPM_VERSION="$VERSION"
+elif [[ "$VERSION" =~ ^v([0-9]+\.[0-9]+\.[0-9]+) ]]; then
+    RPM_VERSION="${BASH_REMATCH[1]}"
+else
+    RPM_VERSION="0.0.0.${VERSION//[^a-zA-Z0-9.]/_}"
+fi
+
+echo "=== Building ${PACKAGE_NAME} ${RPM_VERSION} for ${ARCH} ==="
+
+# Directories
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
+BUILD_DIR="${PROJECT_ROOT}/build/rpm"
+RPMBUILD_DIR="${BUILD_DIR}/rpmbuild"
+
+# Clean and create build directory
+rm -rf "${BUILD_DIR}"
+mkdir -p "${RPMBUILD_DIR}/BUILD"
+mkdir -p "${RPMBUILD_DIR}/RPMS"
+mkdir -p "${RPMBUILD_DIR}/SOURCES"
+mkdir -p "${RPMBUILD_DIR}/SPECS"
+mkdir -p "${RPMBUILD_DIR}/SRPMS"
+
+# Copy binary (build if not exists)
+if [ ! -f "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" ]; then
+    echo "Building binary..."
+    cd "${PROJECT_ROOT}"
+    make build-linux
+fi
+cp "${PROJECT_ROOT}/dist/ja4sentinel-linux-amd64" "${RPMBUILD_DIR}/SOURCES/ja4sentinel"
+chmod 755 "${RPMBUILD_DIR}/SOURCES/ja4sentinel"
+
+# Copy systemd service
+cp "${SCRIPT_DIR}/systemd/ja4sentinel.service" "${RPMBUILD_DIR}/SOURCES/ja4sentinel.service"
+chmod 644 "${RPMBUILD_DIR}/SOURCES/ja4sentinel.service"
+
+# Copy default config
+cp "${SCRIPT_DIR}/systemd/config.yml" "${RPMBUILD_DIR}/SOURCES/config.yml"
+chmod 640 "${RPMBUILD_DIR}/SOURCES/config.yml"
+
+# Copy spec file and update version
+sed "s/Version:        .*/Version:        ${RPM_VERSION}/" "${SCRIPT_DIR}/rpm/ja4sentinel.spec" > "${RPMBUILD_DIR}/SPECS/ja4sentinel.spec"
+
+# Build the RPM package
+echo "Building .rpm package..."
+rpmbuild -bb \
+    --define "_topdir ${RPMBUILD_DIR}" \
+    --define "_arch ${ARCH}" \
+    "${RPMBUILD_DIR}/SPECS/ja4sentinel.spec"
+
+# Copy RPM to build directory
+find "${RPMBUILD_DIR}/RPMS" -name "*.rpm" -exec cp {} "${BUILD_DIR}/" \;
+
+# Calculate checksum
+cd "${BUILD_DIR}"
+for rpm_file in *.rpm; do
+    if [ -f "$rpm_file" ]; then
+        sha256sum "$rpm_file" > "${rpm_file}.sha256"
+    fi
+done
+
+echo ""
+echo "=== Build complete ==="
+echo "Package: ${BUILD_DIR}/${PACKAGE_NAME}-${VERSION}-1.${ARCH}.rpm"
+ls -la "${BUILD_DIR}"/*.rpm 2>/dev/null || true